Monitor-interface command on FWSM

Unanswered Question
Jul 16th, 2009


I am confused about the failover process on the 6500. The doc says that if the firewall does not receive a hello on the failover link, it does a network activity test on the interfaces. My question is: what if the interfaces have gone down on a firewall but the unit is still responding on the failover interface, will this cause a failover or not?

What is the relevance of the monitor-interface command?

Please help.

branfarm1 Thu, 07/16/2009 - 18:24

Hi there,

With the monitor-interface command you are telling the FWSM to exchange hellos between the interface being monitored and the same interface on the secondary or standby device. So the hello traffic for any given monitored interface is traversing the network between the interfaces, not through the failover link.

The command is relevant to all interfaces you want to be monitored for the configured failover interface-policy on the device. For example, if you leave the default failover policy as 1, then the failure of 1 monitored interface will trigger the device to fail over to the standby. You can use the failover interface-policy command to change it to any number or percentage of monitored interfaces.

Hope that helps!

